More than 1 Billion Passwords Stolen – What to Do

You hear in the news that Yahoo, or some other company, got hacked and your username and password may be in the hands of attackers. There is a way to find out if your credentials were exposed.

An Australian Web Security Specialist, Troy Hunt, has compiled a database containing usernames that have been stolen in hacks and then published or sold. Some people use his site to look up their own email address or username.
His website is haveibeenpwned dot com. (In this case, Pwned refers to a condition of someone else having access to your login credentials.)

At his site, people enter their email address or any usernames they’ve used for online logins. Sometimes, they look up addresses of their family members. If there is a hit, the details of the breach are displayed on the site.

Even if not on the list, there is no guarantee that person’s credentials haven’t been stolen, but it still helps to know.

If you ever suspect that your login credentials to any website have been exposed, it is very important that you reset the password on that site, as well as any other sites where you may have used the same password.

There are other strategies to protect yourself. Enabling two-step-logon is very important these days since it can thwart attackers who know your username and password. Using a password manager, as opposed to letting your browser store passwords, can help make password security more convenient, but it still needs to be used carefully. These strategies are explained in detail elsewhere in this blog.

Forward this to anyone who might want to know if their username and password has been hacked.